Commit d98f7e33 authored by Sietse Ringers's avatar Sietse Ringers

Merge branch 'master' into condiscon

parents a0660056 7a4a04f9
......@@ -18,6 +18,7 @@ type SchemeManager struct {
URL string `xml:"Url"`
Contact string `xml:"contact"`
Description TranslatedString
MinimumAppVersion SchemeAppVersion
KeyshareServer string
KeyshareWebsite string
KeyshareAttribute string
......@@ -32,6 +33,11 @@ type SchemeManager struct {
index SchemeManagerIndex
}
type SchemeAppVersion struct {
Android int `xml:"Android"`
IOS int `xml:"iOS"`
}
// Issuer describes an issuer.
type Issuer struct {
ID string `xml:"ID"`
......
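Review bot: `SchemeAppVersion` and the new `MinimumAppVersion` field are exported but carry no doc comment, and a scheme description that omits the element decodes to the zero value (both platforms 0), so a reader cannot tell whether 0 means "no minimum" or "version 0". Suggest `// SchemeAppVersion is the minimum app version, per platform, that a scheme manager requires of the IRMA app; 0 means no minimum.` above the type, with the meaning of 0 confirmed against the code that enforces it, which is not in this hunk. Since the value is parsed from the scheme description XML, the comment should also note that enforcement on the client is only meaningful if the scheme description is authenticated before being parsed — presumably the case for IRMA schemes, but not visible here.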
......@@ -111,8 +111,8 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
}
for _, file := range files {
filename := file.Name()
if filepath.Ext(filename) != ".xml" && strings.Count(filename, ".") != 3 {
s.conf.Logger.Infof("Skipping non-private key file %s encountered in private keys path", filename)
if filepath.Ext(filename) != ".xml" || filename[0] == '.' || strings.Count(filename, ".") != 2 {
s.conf.Logger.WithField("file", filename).Infof("Skipping non-private key file encountered in private keys path")
continue
}
issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml
......
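Review bot: the new log call after the corrected `if` uses `Infof` with a constant format string and no arguments; `Info` is the right call there, i.e. `s.conf.Logger.WithField("file", filename).Info("Skipping non-private key file encountered in private keys path")`. Because a key file whose name does not have exactly two dots (`<scheme>.<issuer>.xml`) is now silently skipped, and the server would then be unable to issue for that issuer, consider logging at `Warn` when the file does end in `.xml` but fails the dot-count check — that is more likely a misnamed private key than a stray file. `filename[0]` is safe because directory entries are never empty-named, but a short comment naming the dot-file exclusion (`.gitkeep` and the like) would help the next reader. verifyConfiguration's body continues outside the hunk.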
......@@ -838,7 +838,7 @@ func (client *Client) keyshareEnrollWorker(managerID irma.SchemeManagerIdentifie
}
transport := irma.NewHTTPTransport(manager.KeyshareServer)
kss, err := newKeyshareServer(managerID, manager.KeyshareServer)
kss, err := newKeyshareServer(managerID)
if err != nil {
return err
}
......@@ -882,7 +882,7 @@ func (client *Client) KeyshareVerifyPin(pin string, schemeid irma.SchemeManagerI
}
}
kss := client.keyshareServers[schemeid]
return verifyPinWorker(pin, kss, irma.NewHTTPTransport(kss.URL))
return verifyPinWorker(pin, kss, irma.NewHTTPTransport(scheme.KeyshareServer))
}
func (client *Client) KeyshareChangePin(manager irma.SchemeManagerIdentifier, oldPin string, newPin string) {
......@@ -900,7 +900,7 @@ func (client *Client) keyshareChangePinWorker(managerID irma.SchemeManagerIdenti
return errors.New("Unknown keyshare server")
}
transport := irma.NewHTTPTransport(kss.URL)
transport := irma.NewHTTPTransport(client.Configuration.SchemeManagers[managerID].KeyshareServer)
message := keyshareChangepin{
Username: kss.Username,
OldPin: kss.HashedPin(oldPin),
......
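Review bot: at the new `transport := irma.NewHTTPTransport(client.Configuration.SchemeManagers[managerID].KeyshareServer)` line in keyshareChangePinWorker the scheme lookup is unchecked, unlike the `kss` lookup two lines above that returns "Unknown keyshare server"; if `SchemeManagers` holds pointers a missing entry panics, and if it holds values the transport is built against an empty URL. Suggest mirroring the existing guard: `scheme, ok := client.Configuration.SchemeManagers[managerID]` / `if !ok { return errors.New("Unknown scheme manager") }` / `transport := irma.NewHTTPTransport(scheme.KeyshareServer)`. Taking the keyshare URL from the scheme description instead of the persisted `kss.URL` is the right direction, assuming the scheme description is authenticated before it is parsed — that is not visible in this hunk. The enclosing function starts and ends outside the hunk.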
......@@ -54,7 +54,6 @@ type keyshareSession struct {
}
type keyshareServer struct {
URL string `json:"url"`
Username string `json:"username"`
Nonce []byte `json:"nonce"`
SchemeManagerIdentifier irma.SchemeManagerIdentifier
......@@ -127,13 +126,9 @@ const (
kssPinError = "error"
)
func newKeyshareServer(
schemeManagerIdentifier irma.SchemeManagerIdentifier,
url string,
) (ks *keyshareServer, err error) {
func newKeyshareServer(schemeManagerIdentifier irma.SchemeManagerIdentifier) (ks *keyshareServer, err error) {
ks = &keyshareServer{
Nonce: make([]byte, 32),
URL: url,
SchemeManagerIdentifier: schemeManagerIdentifier,
}
_, err = rand.Read(ks.Nonce)
......@@ -194,12 +189,13 @@ func startKeyshareSession(
}
for managerID := range session.Identifiers().SchemeManagers {
if !ks.conf.SchemeManagers[managerID].Distributed() {
scheme := ks.conf.SchemeManagers[managerID]
if !scheme.Distributed() {
continue
}
ks.keyshareServer = ks.keyshareServers[managerID]
transport := irma.NewHTTPTransport(ks.keyshareServer.URL)
transport := irma.NewHTTPTransport(scheme.KeyshareServer)
transport.SetHeader(kssUsernameHeader, ks.keyshareServer.Username)
transport.SetHeader(kssAuthHeader, "Bearer "+ks.keyshareServer.token)
transport.SetHeader(kssVersionHeader, "2")
......@@ -372,7 +368,8 @@ func (ks *keyshareSession) GetCommitments() {
comms := &proofPCommitmentMap{}
err := transport.Post("prove/getCommitments", comms, pkids[managerID])
if err != nil {
if err.(*irma.SessionError).RemoteError.Status == http.StatusForbidden && !ks.pinCheck {
if err.(*irma.SessionError).RemoteError != nil &&
err.(*irma.SessionError).RemoteError.Status == http.StatusForbidden && !ks.pinCheck {
// JWT may be out of date due to clock drift; request pin and try again
// (but only if we did not ask for a PIN earlier)
ks.pinCheck = false
......
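Review bot: the added `RemoteError != nil` guard in GetCommitments still sits behind the unchecked type assertion `err.(*irma.SessionError)`, which panics if `transport.Post` ever returns an error of another type, so a transport or decoding failure would crash the session instead of being reported. Suggest `serr, ok := err.(*irma.SessionError)` followed by `if ok && serr.RemoteError != nil && serr.RemoteError.Status == http.StatusForbidden && !ks.pinCheck {`, with the non-SessionError case falling through to the existing error handling. The comment above the retry says it happens only if a PIN was not asked for earlier, but the branch then sets `ks.pinCheck = false`, which reads oddly next to the `!ks.pinCheck` condition — a one-line comment on why it is reset there would help. GetCommitments continues outside the hunk.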
......@@ -1279,13 +1279,21 @@ func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downl
return
}
func (conf *Configuration) updateSchemes() error {
func (conf *Configuration) UpdateSchemes() error {
updated := IrmaIdentifierSet{
SchemeManagers: map[SchemeManagerIdentifier]struct{}{},
Issuers: map[IssuerIdentifier]struct{}{},
CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
}
for id := range conf.SchemeManagers {
Logger.WithField("scheme", id).Info("Auto-updating scheme")
if err := conf.UpdateSchemeManager(id, nil); err != nil {
if err := conf.UpdateSchemeManager(id, &updated); err != nil {
return err
}
}
if !updated.Empty() {
return conf.ParseFolder()
}
return nil
}
......@@ -1294,7 +1302,7 @@ func (conf *Configuration) AutoUpdateSchemes(interval uint) {
conf.scheduler = gocron.NewScheduler()
conf.scheduler.Every(uint64(interval)).Minutes().Do(func() {
if err := conf.updateSchemes(); err != nil {
if err := conf.UpdateSchemes(); err != nil {
Logger.Error("Scheme autoupdater failed: ")
if e, ok := err.(*errors.Error); ok {
Logger.Error(e.ErrorStack())
......
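Review bot: `UpdateSchemes` is now exported but has no doc comment, and its early `return err` means that when the second of several schemes fails to update, files already downloaded for the first are on disk while `ParseFolder` is never reached, leaving the in-memory configuration out of step with the scheme folder until the next scheduler tick. Suggest `// UpdateSchemes updates every scheme manager in the configuration and re-parses the scheme folder if any of them changed.` and either continuing past per-scheme failures while collecting the errors, or calling `ParseFolder` whenever `updated` is non-empty before returning the error. Since `AutoUpdateSchemes` runs this from a gocron goroutine, `ParseFolder` rewriting `conf` concurrently with readers would need synchronization — not visible here, so confirm the Configuration already provides it.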
......@@ -116,7 +116,7 @@ func setFlags(cmd *cobra.Command, production bool) error {
flags.String("client-listen-addr", "", "address at which server for IRMA app listens")
flags.Lookup("port").Header = `Server address and port to listen on`
flags.Bool("no-auth", !production, "whether or not to authenticate requestors")
flags.Bool("no-auth", !production, "whether or not to authenticate requestors (and reject all authenticated requests)")
flags.String("requestors", "", "requestor configuration (in JSON)")
flags.StringSlice("disclose-perms", nil, "list of attributes that all requestors may verify (default *)")
flags.StringSlice("sign-perms", nil, "list of attributes that all requestors may request in signatures (default *)")
......
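Review bot: the amended help text for `no-auth` is still easy to misread — the flag name is negative, the text says "whether or not to authenticate", and the default `!production` means requestor authentication is off unless the server runs in production mode, which the text does not say. Suggest `"disable requestor authentication (default: disabled outside production mode); when set, requests that carry authentication are rejected"`. If rejecting authenticated requests under `no-auth` is intentional, a one-line comment above the flag explaining why would save the next reader a trip to the request handler.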